Not There Yet

The meteoric growth of cyber-extortion as a prominent threat faced by enterprises has raised a new ethical conundrum for information security executives: to negotiate or not to negotiate? As extortionists have become more creative and precise in their theft and ransoming of valuable business data, what was once unthinkable—negotiating with criminals—has increasingly become standard practice. In fact, it's so standard that nearly one-third of security professionals surveyed are willing to play ball with cyber-criminals in order to get valuable data back. Such is the stand-out finding of a recent survey conducted by threat prevention software vendor ThreatTrack Security. "A surprising number of security pros would concede to cyber-criminal demands to avoid the consequences of data compromise, loss or misappropriation," said Stuart Itkin, ThreatTrack senior vice president. By re-evaluating their security strategies to ensure rapid detection and elimination of threats, as well as the ability to restore encrypted data, Itkin said that enterprises "will neutralize the incentives that are driving cyber-crime extortion and help ensure security professionals will not have to face this difficult choice."

Tony has been writing about the intersection of technology and business for more than 20 years and currently freelances from the Grass Valley, Calif., home where he and his wife are raising their two boys. A 1988 graduate of the University of Missouri-Columbia School of Journalism and regular contributor to Baseline since 2007, Tony's somewhat infrequent Twitter posts can be found at http://twitter.com/tkontzer.